Add heuristics in dissect_xmcp_message() to try to avoid dissecting TCP packets on port 4788 that aren't actually xmcp packets. Also, removed the check for a NULL tree as there's more work to do whether tree is NULL or not.

svn path=/trunk/; revision=39181

1 files changed, 13 insertions, 9 deletions

diff --git a/epan/dissectors/packet-xmcp.c b/epan/dissectors/packet-xmcp.c
index 11e1e468e7..f0841b7735 100644
--- a/epan/dissectors/packet-xmcp.c
+++ b/epan/dissectors/packet-xmcp.c
@@ -855,16 +855,24 @@ dissect_xmcp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
   xmcp_conv_info_t *xmcp_conv_info;
   xmcp_transaction_t *xmcp_trans;
 
-  col_set_str(pinfo->cinfo, COL_PROTOCOL, "XMCP");
-  /* Clear out stuff in the info column */
-  col_clear(pinfo->cinfo, COL_INFO);
-
   if (tvb_reported_length(tvb) < XMCP_HDR_LEN) {
     return;
   }
+  /* Check for valid message type field */
+  msg_type = tvb_get_ntohs(tvb, 0);
+  if (msg_type & XMCP_TYPE_RESERVED) { /* First 2 bits must be 0 */
+    return;
+  }
+  /* Check for valid "magic cookie" field */
+  if (tvb_get_ntohl(tvb, 4) != XMCP_MAGIC_COOKIE) {
+    return;
+  }
+
+  col_set_str(pinfo->cinfo, COL_PROTOCOL, "XMCP");
+  /* Clear out stuff in the info column */
+  col_clear(pinfo->cinfo, COL_INFO);
 
   /* As in STUN, the first 2 bytes contain the message class and method */
-  msg_type = tvb_get_ntohs(tvb, 0);
   xmcp_msg_type_class = ((msg_type & XMCP_TYPE_CLASS) >> 4);
   xmcp_msg_type_method = (msg_type & XMCP_TYPE_METHOD);
   if (check_col(pinfo->cinfo, COL_INFO)) {
@@ -922,10 +930,6 @@ dissect_xmcp_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     }
   }
 
-  if (!tree) { /* no details requested */
-    return;
-  }
-
   ti = proto_tree_add_item(tree, proto_xmcp, tvb, 0, -1, FALSE);
   xmcp_tree = proto_item_add_subtree(ti, ett_xmcp);